Newswise — ALBANY, N.Y. (Oct. 9, 2019) – The National Science Foundation (NSF) has awarded Sanjay Goel from the School of Business a nearly $300,000 grant to combat ‘insider’ threats in cybersecurity.
The grant, awarded as part of the NSF’s Secure and Trustworthy Computing Program, will fund research that seeks to identify early warning signs of malicious behavior within an organization or business.
Goel said that attacks conducted by ‘insiders,’ or a company’s existing employees, allow them to evade traditional security controls because the perpetrators often have legitimate access to protected systems and data.
“We often find that disgruntlement and perceived injustice are factors that can contribute to developing strong motivations for data theft,” said Goel, a professor of information security and digital forensics at UAlbany.
Security breaches by otherwise loyal employees can also occur after accumulating strain from psychological stressors such as harassment or being overworked, according to Goel, saying a sense of helplessness in changing their situation can lead employees to seek antagonistic avenues for dealing with their grievances.
In a study conducted between 2016-2018, Goel collaborated with Kevin Williams, a psychology professor at UAlbany and dean of The Graduate School, as well as partners from General Electric Global Research in Niskayuna, N.Y. to conduct a series of behavioral experiments.
The study explored the effectiveness of “probes,” or simulated opportunities for internal hackers to misuse the system, in identifying potential bad actors.
For the NSF-funded research, Goel said he plans to build upon this work in order to understand how strain on employees leads them to become malicious, and how employers might foster more positive environments.
“We want to better understand the point at which employees get frustrated enough to retaliate against their employers,” Goel said. “Rather than simply removing access to systems, what interventions could companies put in place to mitigate escalation and prevent breaches?”
He said undergraduate and graduate students from the School will assist in designing, conducting and running analyses.
School of Business Dean Nilanjan Sen said that the grant will advance the School’s “extensive research portfolio in information security” and prepare students for success in the field of digital forensics.
The two-year project, “Thwarting the Malicious Insider Evolution Process: The Theory of Strained Betrayal,” began last month.